EC2.18
Security groups should only allow unrestricted incoming traffic for authorized ports
Severity: HIGH
Cloud Platforms: AWS
Resources: Amazon EC2
Related Standards: AWS Foundational Best Practice, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5
Automated: YES
This control checks whether security groups allow unrestricted incoming traffic. The control fails if a security group allows unrestricted traffic on any port other than 80 and 443, which are the default values for the parameter authorizedTcpPorts.
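The following added example (not the managed control's own code) approximates the check offline over security groups in the shape returned by the EC2 DescribeSecurityGroups API. It assumes "unrestricted" means a source of 0.0.0.0/0 or ::/0, treats an all-protocol rule as exposing every TCP port, and evaluates TCP only because that is the parameter this page names; the function names and sample groups are constructed for illustration.

```python
# Added example: offline approximation of the check, not the managed control's code.
DEFAULT_AUTHORIZED_TCP_PORTS = frozenset({80, 443})  # defaults named on this page
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # assumption: "unrestricted" = any IPv4/IPv6 source


def _is_open(perm):
    """True if the rule admits traffic from any address."""
    v4 = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    v6 = {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool((v4 | v6) & OPEN_CIDRS)


def unauthorized_open_tcp_ports(group, authorized=DEFAULT_AUTHORIZED_TCP_PORTS):
    """Return sorted (from_port, to_port) ranges that are open to the world
    and include at least one TCP port outside `authorized`."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        if not _is_open(perm):
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":  # all protocols, so every TCP port is exposed
            findings.add((0, 65535))
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
            # A range passes only if every port inside it is authorized.
            if any(p not in authorized for p in range(lo, hi + 1)):
                findings.add((lo, hi))
    return sorted(findings)


def evaluate(groups, authorized=DEFAULT_AUTHORIZED_TCP_PORTS):
    """Map GroupId -> "PASSED" or "FAILED" for each security group."""
    return {g["GroupId"]: "FAILED" if unauthorized_open_tcp_ports(g, authorized) else "PASSED"
            for g in groups}


# Constructed sample data (not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for gid, status in evaluate(SAMPLE_GROUPS).items():
        print(gid, status)
```

The sg-range case shows why a rule spanning 80-443 fails even though both endpoints are authorized: every port in between is also open to any source.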